<?php
session_start();
include '../include/Mysql.Class.php';
include '../include/config.php';
?>
<!doctype html public "-//w3c//dtd html 4.0 transitional//en" >
<html>
<head>
<meta charset="UTF-8">
</head>
<body>
<?php
$username = $_POST['username'];
$userpwd = md5($_POST['userpwd']);
$validate = $_POST['validate'];
if ($validate != $_SESSION['auth']){
    echo "<script language='javascript'>alert('验证码错误!');window.location.href='login.php';</script>";
}else{
    $conn = new mysqli($GLOBALS['mydbhost'], $GLOBALS['mydbuser'], $GLOBALS['mydbpw'],$GLOBALS['mydbname']);
    $stmt = $conn->prepare("select servicestation.*,countyTypeName from servicestation join countytype on servicestation.countytypeid = countytype.countytypeid where servicestationid=? and serviceStationPwd=?");
    $stmt->bind_param("ss", $username, $userpwd);
    $stmt->execute();
    $result = $stmt->get_result();
    if ($row = $result->fetch_assoc()) {
        $_SESSION['code'] = $row['serviceStationId'];
        $_SESSION['name'] = $row['serviceStationName'];
        $_SESSION['countyType'] = $row['countyTypeId'];
        $_SESSION['countyTypeName'] = $row['countyTypeName'];
        $_SESSION['userId'] = $row['userId'];
        $_SESSION['pwd'] = $_POST['userpwd'];
        $_SESSION['companyname'] = $row['companyname'];
        echo "<script language='javascript'>alert('登录成功!');window.location.href='main.php';</script>";
    } else {
       echo "<script language='javascript'>alert('用户名或密码错误!');window.location.href='login.php';</script>";
    }
}
?>
</body>
</html>
